njrat | af20d219cb1b2a55aa52637195a6f797f6fb980148735c54e5598c224d32307e

General

Target

af20d219cb1b2a55aa52637195a6f797f6fb980148735c54e5598c224d32307e
Size

34KB
MD5

67d7c2625c89f6217f7d588c04dca69d
SHA1

c0ca3427565d686cc7d06ef577815dd4bf037eaa
SHA256

af20d219cb1b2a55aa52637195a6f797f6fb980148735c54e5598c224d32307e
SHA512

7ae568bd0350b6fd3e0ec3b6440c3bd4b9f6a45a3fe9160cb5a1c9e0d041c9caf8bb44accc0b69786127936f6380e0fd848f4c2759f1563abd46c038a20c4bfc
SSDEEP

768:XO34EqdUffHhALQU4ug9ZRg0IeP0hVO92tSfJ:XOIEAUffH2B4T9gZo92to

Score

10^/10

hacked njrat

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

0.tcp.eu.ngrok.io:18595

Mutex

919094467c31347c7137dd444837fdc3

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/5b45188cebe24c4309d3d884cb92bc5d9466e9dd8fa57f670b0008931e18562e.exe

af20d219cb1b2a55aa52637195a6f797f6fb980148735c54e5598c224d32307e
.zip

Password: infected
5b45188cebe24c4309d3d884cb92bc5d9466e9dd8fa57f670b0008931e18562e.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ